U.S. accuses Chinese citizens of hacking law firms, insider trading

Discussion in 'Wall St. News' started by dealmaker, Dec 27, 2016.

  1. Sig

    Sig

    With the amount of money involved why even bother doing something illegal like that. Simply hire someone to follow the guy and report back, perfectly legal and even legal to trade off it.
     
    #11     Dec 28, 2016
    vanzandt likes this.
  2. vanzandt

    vanzandt

    Of course this post just made the brother- in- laws of every NSA employee rich. Oh well.
     
    #12     Dec 28, 2016
  3. dealmaker

    dealmaker

    #13     Dec 28, 2016
  4. may appear gibberish when you don't understand. You shouldn't talk about topics without some basic knowledge, here ya go jr
    http://security.stackexchange.com/q...g-out-firewall-is-this-automated-scans-or-are
    http://subnettingpractice.com/ip_allocation.html
     
    #14     Dec 29, 2016
  5. Sig

    Sig

    I run a company with a significant cloud software component so I kind of do have some basic knowledge in this area, while you stated that you do not. In the interest of educating rather then flaming, however, I'll explain a little. If a regular user from China hits your server you will indeed see their IP address in your server logs. A firewall is simply a construct set up to screen packets before they get to your server, and you would see those IP addresses there as well and could also instruct your firewall to block any range of IP addresses.
    However, it is trivial to use a VPN or proxy in the U.S. This is a computer that takes in a packet from anywhere in the world, then resends it to its destination. When it is resent, the packet has the VPN or proxy's IP address. If that VPN or proxy is in the U.S. It will have a U.S. IP address and there will be no way for the server's administrator or the firewall to know where it originated short of getting a warrant to search the proxy computer. Networks like Tor take this to another level with a network of thousands of computers around the world set up as proxy's, most private computers, with each packet randomly bouncing between several computers in a number of jurisdictions with no records maintained and again easy to ensure a U.S. or European last hop to get their IP address. Anonymizing systems like this make it almost impossible to track down the origin of any hacker who has very basic level know-how. Go ahead, install Tor on your computer, hit your server, look at your server logs, and tell me what IP address you see?
    Suffice it to say it wouldn't be at all surprising if there was a person much like lylec305 in mgt at the law firm who was sure they were fine because they'd blocked overseas IP addresses at the firewall without having a real understanding of what that meant.
     
    #15     Dec 29, 2016
  6. That's a long winded explaining on the blog. I have network and security personnel on my team. Check the links i provided. Gov agencies are a lot more complex than cloud, a new buz word for something we did long ago. Cloud is a security risk, will dissipate just like corba.
    Anyhow, what i was attempting to say in as few words possible. All hackers start with something. They just don't pull from thin air.
     
    Last edited: Dec 29, 2016
    #16     Dec 29, 2016
  7. Sig

    Sig

    Do you disagree with anything I posted or just can't be bothered to put a couple minutes in to understand a complex topic, so you criticize it on length alone? Have you installed Tor and checked your server logs? Oh, you don't have a server nor would you know how to check the logs if you did and it's just too much to install an app, so you'll just criticize the concept of cloud computing, something else you clearly don't even have a rudimentary understanding of.
    Unbelievable! As I said it's people like you that allow these types of breaches to occur because you make decisions based on a dangerous misconceptions and apparently have not only stopped learning, but refuse to.
     
    #17     Dec 29, 2016
  8. You're to long winded. I have personnel to take care of a box called security on the architecture diagram. Check the link i sent you.
    Interested to see a firewall breach pull something of significance without any inside info. Could be more forensic audit to come to understand the whole picture.
    You criticized me and now you say i criticized you first hahaha. Typical know it all...
     
    Last edited: Dec 29, 2016
    #18     Dec 29, 2016
  9. Sig

    Sig

    You gotta love willful ignorance!
     
    #19     Dec 29, 2016
  10. You cannot bait me into a BS discussion on a blog. You didn't comment correctly from the beginning. Think subnet mask inside LAN and a breach thru the firewall. That'll be picked off immediately. Unless they have side info. Plus developing large scale systems, security is merely a utility.
     
    #20     Dec 29, 2016